AddressSanitizer Installation and Usage


References

https://www.cnblogs.com/gscnblog/p/15612349.html

https://github.com/google/sanitizers/wiki/AddressSanitizer

Because languages like C/C++ sit very close to the hardware (mainly memory), one problem you run into constantly when programming in C/C++ is memory errors, which include:

  1. Memory leaks: forgetting to free memory previously allocated on the heap and losing the pointer to it;
  2. Out-of-bounds access: out-of-bounds accesses to global, stack and heap memory;
  3. Use after free: accessing memory that has already been freed;
  4. Use after return: accessing memory in the stack frame of a function that has already returned.


Upgrade GCC to version 4.9 or later

sudo apt-get update
sudo apt-get install gcc-4.9
sudo apt-get install g++-4.9
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.9 10
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.9 10

Example code:

#include <stdlib.h>

int main() {
  char *x = (char*)malloc(10 * sizeof(char*));  // allocate an 80-byte heap block
  free(x);                                      // release it ...
  return x[5];                                  // ... then read from it: heap-use-after-free
}

g++ -fsanitize=address -g main.cpp

./a.out

=================================================================
==14326==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000000095 at pc 0x562e0085aa54 bp 0x7ffe25ae8bd0 sp 0x7ffe25ae8bc0
READ of size 1 at 0x607000000095 thread T0
#0 0x562e0085aa53 in main /data/backup/test_sanitizer/main.cpp:10
#1 0x7f5e67656c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
#2 0x562e0085a909 in _start (/data/backup/test_sanitizer/a.out+0x909)

0x607000000095 is located 5 bytes inside of 80-byte region [0x607000000090,0x6070000000e0)
freed by thread T0 here:
#0 0x7f5e67b047a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
#1 0x562e0085aa0b in main /data/backup/test_sanitizer/main.cpp:8
#2 0x7f5e67656c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

previously allocated by thread T0 here:
#0 0x7f5e67b04b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
#1 0x562e0085a9fb in main /data/backup/test_sanitizer/main.cpp:7
#2 0x7f5e67656c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: heap-use-after-free /data/backup/test_sanitizer/main.cpp:10 in main
Shadow bytes around the buggy address:
0x0c0e7fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c0e7fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c0e7fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c0e7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c0e7fff8000: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
=>0x0c0e7fff8010: fa fa[fd]fd fd fd fd fd fd fd fd fd fa fa fa fa
0x0c0e7fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==14326==ABORTING
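
The "Shadow bytes" section of the report can be decoded by hand. As an added example (not code from the original post or from the sanitizers project), the program below assumes the default x86_64 shadow mapping, Shadow = (Addr >> 3) + 0x7fff8000 with one shadow byte per 8 application bytes, and uses only the faulting address and the "=>" shadow row from the report above to recover what the report prints: the access hits a byte tagged fd (freed heap region), located 5 bytes inside an 80-byte region starting at 0x607000000090.

```c
#include <stdint.h>
#include <stdio.h>

/* Default x86_64 ASan mapping (assumed here): Shadow = (Addr >> 3) + 0x7fff8000, 8 app bytes per shadow byte. */
#define ASAN_SHADOW_SCALE  3
#define ASAN_SHADOW_OFFSET 0x7fff8000ULL
/* The "=>" shadow row from the report above, copied byte for byte. */
static const uint64_t kReportRowAddr = 0x0c0e7fff8010ULL;
static const uint8_t  kReportRow[16] = {0xfa,0xfa,0xfd,0xfd,0xfd,0xfd,0xfd,0xfd,
                                        0xfd,0xfd,0xfd,0xfd,0xfa,0xfa,0xfa,0xfa};
/* Application address -> address of the shadow byte that guards it. */
uint64_t asan_shadow_addr(uint64_t addr) {
    return (addr >> ASAN_SHADOW_SCALE) + ASAN_SHADOW_OFFSET;
}
/* Shadow byte address -> first application address of the 8-byte granule it covers. */
uint64_t asan_app_addr(uint64_t shadow_addr) {
    return (shadow_addr - ASAN_SHADOW_OFFSET) << ASAN_SHADOW_SCALE;
}
/* Is a 1-byte access to addr allowed? 00 = whole granule addressable,
   01..07 = only the first k bytes, anything else (fa, fd, f1, ...) = poisoned. */
int asan_byte_addressable(uint8_t shadow, uint64_t addr) {
    if (shadow == 0x00) return 1;
    if (shadow >= 0x01 && shadow <= 0x07) return (addr & 7) < (uint64_t)shadow;
    return 0;
}
/* Index of the first byte of the run of `tag` shadow bytes that contains row[i]. */
size_t asan_run_start(const uint8_t *row, size_t i, uint8_t tag) {
    while (i > 0 && row[i - 1] == tag) i--;
    return i;
}
/* Length in application bytes of the run of `tag` shadow bytes starting at row[i]. */
uint64_t asan_run_bytes(const uint8_t *row, size_t n, size_t i, uint8_t tag) {
    size_t count = 0;
    while (i + count < n && row[i + count] == tag) count++;
    return (uint64_t)count << ASAN_SHADOW_SCALE;
}

int main(void) {
    const uint64_t bad = 0x607000000095ULL;      /* faulting address from the report */
    uint64_t sh = asan_shadow_addr(bad);         /* 0x0c0e7fff8012, the [fd] byte */
    size_t idx = (size_t)(sh - kReportRowAddr);
    size_t start = asan_run_start(kReportRow, idx, kReportRow[idx]);
    uint64_t region = asan_app_addr(kReportRowAddr + start);                 /* 0x607000000090 */
    uint64_t size = asan_run_bytes(kReportRow, 16, start, kReportRow[idx]);  /* 80 */
    printf("shadow 0x%02x (access %s): %llu bytes inside %llu-byte region at 0x%llx\n",
           kReportRow[idx], asan_byte_addressable(kReportRow[idx], bad) ? "allowed" : "denied",
           (unsigned long long)(bad - region), (unsigned long long)size, (unsigned long long)region);
    return 0;
}
```

The same arithmetic explains the partially addressable tags: a shadow value of 05 would still reject this access (offset 5 within the granule), while 06 would allow it.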


Posted 2024-03-12 17:29 by 七星望